Internal Security Directive (FTC v. ChoicePoint Inc. (2006))¶
Use this to issue a directive or mandate from leadership on security: required actions, deadlines, or standards; creates clear accountability and follow-up.
Purpose¶
This directive establishes mandatory internal actions and timelines required to address risks and obligations associated with FTC v. ChoicePoint Inc. (2006). It is intended to create clear operational expectations, ownership, and enforcement posture across relevant teams.
Hallucinated writing examples¶
Scenario: In an illustrative period following the FTC 2006 settlement and findings on fraudulent account onboarding (time), the Security Director (role) prepares a internal security directive (type) for leadership stakeholders (audience).
INTERNAL SECURITY DIRECTIVE
Context: This directive is issued after FTC settlement obligations to prevent fraudulent onboarding and unauthorized consumer data access. It mandates verification, monitoring, and exception controls across subscriber access workflows.
Directive: Effective immediately, high-risk subscriber onboarding shall use enhanced verification controls and documented approvals before access activation. Query and export monitoring shall be enabled for designated channels. Exceptions require formal CISO approval with mitigation and expiry date. Baseline compliance and backlog plans are due by June 30, 2006.
Accountability and Deadlines: Fraud and onboarding owners are accountable for implementation and evidence. Security governance tracks directive execution and manages exceptions. Weekly high-risk status reporting is required until controls stabilize; unresolved severe issues escalate to executive governance and compliance leadership.
Document-type guide: Internal Security Directive
Writing tips: Writing best practices — Internal Security Directive